OMRON Machine Safety Risk Assessment
What is it?
Risk Assessment
The process by which the intended use (and reasonably
foreseeable misuse) of the machine, the tasks and hazards, and
the level of risk are determined
Risk Reduction
The application of protective measures to reduce the risk to a
tolerable level
Why do it?
How do I do it?
Regardless of which standard you follow, the process contains 12 essential steps
You can create your own process, as long as it's based on industry best practices
You can conduct the process in house, request it from your OEM, or contract an outside service provider
Step 1
Step 2
approach
Step 3
Step 4
Planned maintenance
Unplanned maintenance
Recovery from crash
Troubleshooting
Housekeeping
Decommissioning
Disposal
Step 5
Task
Operator
Maintenance
Trainees
Passers-by
Managers
Supervisors
Programmers
Engineers
Office Personnel
Quality Coach
Sales Personnel
Contractors
Riggers
Hazard
Task
Operator | Load
Operator | Unload Part
Operator | Unload Scrap
Operator | Cycle
Operator | Lube Die
Operator | Clean Die
Operator | Tape Die
Operator | Power Up
Operator | Power Down
Operator | Clean Press
Operator | Clean Workspace
Operator | Teach Trainees
Maintenance | Change Die
Maintenance
Maintenance
Preventative Maintenance
Maintenance
Hazard
Task
Hazard
Operator | Load | Shearing
Operator | Load | Cutting or Severing
Operator | Load | Stabbing or Puncturing
Operator | Load |
Operator | Load |
Operator | Load |
Operator | Load |
Operator | Load |
Operator | Load | Falling Objects
Operator | Load |
Operator | Unload Part | Crushing
Operator | Unload Part | Shearing
Operator | Unload Part | Cutting or Severing
Operator | Unload Part |
Operator | Unload Part |
Operator | Unload Part |
ANSI B11.0-2010
Identifying tasks and hazards is a critically important part of the risk assessment
process because hazards not identified can create substantial unknown risks. There
are many different approaches to identifying hazards. Depending on the complexity of
the machinery, useful methods may include but are not limited to:
using intuitive operational and engineering judgment;
examining system specifications and expectations;
reviewing codes, regulations, and consensus standards;
interviewing current or intended system users and/or operators;
consulting checklists;
reviewing studies from other similar systems;
evaluating the potential for unwanted energy releases/exposures to hazardous environments;
reviewing historical data/industry experience, incident investigation reports (including accident or near-miss events), OSHA, Bureau of Labor Statistics and National Safety Council data, manufacturers' literature;
considering potential mishaps with surrounding equipment and operations;
brainstorming.
Assumptions
The risk assessment process includes identifying hazards
regardless of the existence of risk reduction (safeguarding)
measures.
The machine should not be considered harmless as shipped and
guarded.
To assure that all hazards are included, hazard identification
should be conducted with all safeguards conceptually removed.
This is to assure that hazards are not ignored due to an assumption that the safeguard
supplied is adequate for all tasks, including reasonably foreseeable misuse.
Steps 6 & 7
ANSI B11.TR3
Probability (rows) vs. Severity Level (columns)
Probability | Catastrophic | Serious | Moderate | Minor
Very Likely | High | High | High | Medium
Likely | High | High | Medium | Low
Unlikely | Medium | Medium | Low | Negligible
Remote | Low | Low | Negligible | Negligible
ANSI B11.TR3
Barrier guard or protective device preventing unintended exposure of any part of the body to the hazard, and not
removable or adjustable by unauthorized persons. If moveable, such a barrier should be interlocked using system control
criteria as defined in this paragraph.
Physical devices that do not require adjustment for use or other operator intervention.
Control systems having redundancy with self-checking upon startup to ensure the continuance of performance.
Barrier guard or protective device preventing intentional exposure of any part of the body to the hazard, and secured
with special fasteners or a lock. If moveable, such a barrier should be interlocked using system control criteria as defined in
this paragraph.
Control systems having redundancy with continuous self-checking to ensure the continuance of performance.
Barrier guard or protective device providing simple guarding against inadvertent exposure to the hazard. Examples are
a fixed screen, chuck guard, or moveable barrier with simple interlocking using system control criteria as defined in this
paragraph.
Physical devices that require adjustment for use.
Control systems (including associated protective devices, actuators and interfaces) having redundancy that may be
manually checked to ensure the continuance of performance.
Physical barrier providing tactile or visual awareness of the hazard, or minimal protection against inadvertent exposure.
Examples are post and rope, swing-away shield, or moveable screen.
Electrical, electronic, hydraulic or pneumatic devices and associated control systems using a single-channel configuration.
ANSI/RIA R15.06
Table 1
Factor | Category | Criteria
Severity | S2 Serious Injury | Normally irreversible; or fatality; or requires more than first-aid as defined in OSHA 1904.12
Severity | S1 Slight Injury | Normally reversible; or requires only first-aid as defined in OSHA 1904.12
Exposure | E2 Frequent Exposure | Typically exposure to the hazard more than once per hour.
Exposure | E1 Infrequent Exposure | Typically exposure to the hazard less than once per day or shift.
Avoidance | A2 Not Likely | Cannot move out of the way; or inadequate reaction time; or robot speed greater than 250mm/sec.
Avoidance | A1 Likely | Can move out of the way; or sufficient warning/reaction time; or robot speed less than 250mm/sec.
Table 1 - Hazard Severity/Exposure/Avoidance Categories
ANSI/RIA R15.06
Table 2
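Severity of Exposure | Exposure | Avoidance | Risk Reduction Category
S2 Serious Injury (More than First-aid) | E2 Frequent Exposure | A2 Not Likely | R1
S2 Serious Injury (More than First-aid) | E2 Frequent Exposure | A1 Likely | R2A
S2 Serious Injury (More than First-aid) | E1 Infrequent Exposure | A2 Not Likely | R2B
S2 Serious Injury (More than First-aid) | E1 Infrequent Exposure | A1 Likely | R2B
S1 Slight Injury (First-aid) | E2 Frequent Exposure | A2 Not Likely | R2C
S1 Slight Injury (First-aid) | E2 Frequent Exposure | A1 Likely | R3A
S1 Slight Injury (First-aid) | E1 Infrequent Exposure | A2 Not Likely | R3B
S1 Slight Injury (First-aid) | E1 Infrequent Exposure | A1 Likely | R4
Table 2 - Risk reduction decision matrix prior to safeguard selection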
ANSI/RIA R15.06
Table 3
Category | Safeguard Performance | Circuit Performance
R1 | Hazard elimination or hazard substitution (9.5.1) | Control Reliable (4.5.4)
R2A | Engineering controls preventing access to the hazard, or stopping the hazard (9.5.2), e.g. interlocked barrier guards, light curtains, safety mats, or other presence sensing devices (10.4) | Control Reliable (4.5.4)
R2B | Engineering controls (as for R2A) | Single Channel with monitoring (4.5.3)
R2C | Engineering controls (as for R2A) | Single Channel (4.5.2)
R3A | Non interlocked barriers, clearance, procedures and equipment (9.5.3) |
R3B
R4
Safeguard Performance
Hazard Elimination or hazard substitution
Engineering controls preventing access to the hazard, or stopping the hazard, e.g. interlocked barrier guards, light curtains, safety mats, or other presence sensing devices
ANSI/RIA
R15.06-1999
(R2009)
ISO 10218-2
ISO 10218-1
ISO 13849-1:1999 ISO 13849-1:2006 IEC 62061:2005
Category
PL
SIL
Control Reliable
(4) 3
(e) d
(3) 2
Control Reliable
Single Channel
with Monitoring
d/c
2/1
Single Channel
n/a
ANSI/RIA R15.06
Summary of requirements
System behaviour
B
(see 6.2.1)
1
(see 6.2.2)
2
(see 6.2.3)
3
(see 6.2.4)
4
(see 6.2.5)
Principles to
achieve safety
Mainly
characterized
by selection of
components
Mainly
characterized
by structure
ISO 13849-1
RISK FACTOR
VALUE
DEFINITION
S1
S2
Frequency and/or
Exposure to
Hazard
F1
F2
Possibility of
Avoiding Hazard
or Limiting Harm
P1
P2
Scarcely possible
Severity of Injury
ISO 13849-1
Relationship between Categories, DCavg, and MTTFd of Each Channel and PL
High
High
Redundancy with
Continuous Self-Checking
Redundancy with
Continuous Self-Checking
No Equivalent
Index
ISO 10218-1:2007
ISO 13849-1:1999
(EN 954-1:1996)
Category
R1
Control Reliable
(4) 3
(e) d
(3) 2
R2A
Control Reliable
R2B
d/c
2/1
ISO 10218:20(11?)
ISO 13849-1:2006
IEC 62061:2005
PL
SIL
Medium
No Equivalent
No Equivalent
No Equivalent
No Equivalent
Low
No Equivalent
No Equivalent
No Equivalent
No Equivalent
Negligible
Single Channel
R2C
Single Channel
Negligible
Single Channel
R3A
Single Channel
R3B
Simple
R4
Simple
n/a
No Equivalent
No Equivalent
While there are similarities between the levels of risk reduction in the various columns, an exact one-to-one comparison is virtually
impossible. This chart is intended to show the comparative similarities between each standard. Where risk reduction measures depend
on configurable devices, the reliability of these devices and the system should be appropriate for the level of risk.
Omron STI 2012
Step 8
Hierarchy of Control
PROTECTIVE
MEASURE
Most Effective
Elimination
or
Substitution
Safeguarding
Technologies /
Protective Devices
Awareness Means
Least
Effective
EXAMPLES
Barriers
Interlocks
Presence sensing devices
(light curtains, safety mats,
area scanners, etc.)
Two hand control and two
hand trip devices
Training and
Procedures
Personal Protective
Equipment
(PPE)
CLASSIFICATION
Design Out
Engineering
Controls
Administrative
Controls
Effectiveness of PPE
Dust Mask
Face Shield
Hard Hat
Omron STI 2012
Effectiveness of PPE
Step 9
Proper Installation
Proper installation is key to the reliability of the entire system
Use tried and true methods set forth by:
Step 10
Ds
K (T total)
Dpf
Hazard Zone
Devices with a larger value for object sensitivity must be placed farther from the hazard (a greater Safety Distance, Ds) than a device with higher resolution.
Step 11
Is this tolerable?
If this risk is not tolerable, no chainsaw could ever be used.
Informative Note 3: See also, Annex F for additional information on achieving acceptable
risk.
Omron STI 2012
Close-out / Sign-off
Conduct the following before releasing the machine for
production:
Identify and document residual risk
Test for functionality
Document safe work procedures
Train personnel
Complete machine sign-off
Step 12
Review
Pages A8 & A9
Omron STI 2012
Page A10
Level of Risk
High
Cat 3-4,
Control
Reliable
Medium or
Intermediate
Low
Helps Determine
Guarding
Technology
High
(12+)
Medium
(7-11)
Low
(1-6)
Control Reliable
Control reliable safety circuitry shall be designed, constructed and applied such that any
single component failure shall not prevent the stopping action of the equipment. These
circuits shall include automatic monitoring at the system level.
1) The monitoring shall generate a stop signal if a fault is detected. A warning shall be provided if a hazard remains after cessation of motion;
2) Following detection of a fault, a safe state shall be maintained until the fault is cleared;
3) Common mode failures shall be taken into account when the probability of such a failure occurring is significant;
4) The single fault should be detected at time of failure. If not practicable, the failure shall be detected at the next demand upon the safety function.
Single Channel
Single channel safety circuits shall:
1) Include components which are safety-rated;
2) Be used in compliance with the manufacturer's recommendations and proven circuit designs (e.g. a single channel electromechanical positive break device which signals a stop in a de-energized state.)
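The difference between the Control Reliable and Single Channel definitions above shows up under one component fault. The following is an added example, not part of the original slides or of any standard: a simplified software model in which all function and type names are hypothetical and inputs are assumed already debounced.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified software model (assumption, not a certified design):
   true  = channel energized / contact closed (run permitted)
   false = de-energized, which signals a stop.
   Inputs are assumed already debounced; names are hypothetical. */
typedef struct { bool fault_latched; } cr_monitor;

/* Single channel: one input decides alone, so one failed component
   (for example a contact welded closed) can prevent the stop. */
bool single_channel_run(bool ch_a) { return ch_a; }

/* Two redundant channels with monitoring: a disagreement is a detected
   fault, generates a stop, and the stop is held until the fault is cleared. */
bool control_reliable_run(cr_monitor *m, bool ch_a, bool ch_b) {
    if (ch_a != ch_b) m->fault_latched = true;
    if (m->fault_latched) return false;
    return ch_a && ch_b;
}

/* The fault counts as cleared only when both channels are seen de-energized,
   which a welded contact can never show. Returns true if reset was accepted. */
bool control_reliable_reset(cr_monitor *m, bool ch_a, bool ch_b) {
    if (!ch_a && !ch_b) m->fault_latched = false;
    return !m->fault_latched;
}

/* Constructed scenario: channel A is welded closed, then the guard opens. */
bool single_channel_misses_stop(void) { return single_channel_run(true); }

int control_reliable_stops(void) {
    cr_monitor m = { false };
    int stops = 0;
    stops += !control_reliable_run(&m, true, false);   /* demand: B opens, A stuck */
    stops += !control_reliable_run(&m, true, true);    /* guard closed again: held */
    stops += !control_reliable_reset(&m, true, true);  /* reset refused */
    return stops;                                      /* 3 of 3 steps stay stopped */
}

int main(void) {
    printf("single channel still running after demand: %d\n",
           single_channel_misses_stop());
    printf("control reliable steps held in stop: %d of 3\n",
           control_reliable_stops());
    return 0;
}
```

A failure that drives both channels the same way (the common mode case in item 3) is not caught by this comparison and has to be addressed separately.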
Executive Summary
Let's review
What is a risk assessment and why do I have to do it?
A comprehensive evaluation of the hazards associated with a
machine.
It must be repeatable and documented
Let's Review
What is the difference between risk assessment and risk
reduction?
Risk Assessment identifies the hazards and exposure
Risk Reduction applies safeguards and processes to mitigate the
risks identified
What tools are available?
There is a wealth of third party software products
None do the job for you; you must have expertise
Questions?